network bandwidth/agent wazuh

830 views
Skip to first unread message

Ayoub MM

unread,
Mar 13, 2023, 6:18:05 AM3/13/23
to Wazuh mailing list
Hello all,

I need to know the  bandwidth / wazuh agent in windows.
Please i need  to know how much the bandwight consomed in a communication between wazuh manager et wazuh agent in (windows) ??

Thanks you for your help and support.

Regards,
Message has been deleted

Ayoub MM

unread,
Mar 13, 2023, 8:08:47 AM3/13/23
to Adedamola Okelola, Wazuh mailing list
Hello Abedamola,

Thank for your response,.
But i need just a number of bandwith network if there IS a communication between agent and wazuh manager.

Thanks in advance,


Le lun. 13 mars 2023 à 13:04, Adedamola Okelola <adedamol...@wazuh.com> a écrit :
Hello Ayoub,

Thank you for using Wazuh!

No published bandwidth usage requirement exists for communication between the Wazuh server and the agents.
However, the Wazuh agent has been developed to include flow control mechanisms to avoid flooding, queueing events when necessary, and protecting the network bandwidth.

This implies that the traffic between the agent and the Wazuh server will not lead to network bandwidth overloading.

Regards.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/94c3828e-573d-45d5-adf7-51aa54ba18cen%40googlegroups.com.

Adedamola Okelola

unread,
Mar 13, 2023, 8:21:22 AM3/13/23
to Wazuh mailing list
Hi Ayoub,
Yes, I understand. 
The communication protocol used by the Wazuh agent uses zlib and the DEFLATE compression algorithm before encrypting the information to send for analysis by the Wazuh manager (see this for reference). In our experience, this achieves compression between 10 and 20 times depending on the entropy of the messages.

Since each environment and each endpoint is different, the amount of bandwidth will greatly depend on your use case, but we observe that on average each message is 1KB in size before compression and that endpoints send between 5 EPS (for network devices) and 1 EPS (for workstations) on average, with a typical server sending 2.5 EPS.

So on average, you can expect that a monitored endpoint will consume approximately 175 bytes per second, which even when handling thousands of monitored endpoints will be negligible for most modern infrastructure.

I hope you find this information useful.

Ayoub MM

unread,
Mar 13, 2023, 8:49:52 AM3/13/23
to Wazuh mailing list
Thank you Adedamola,
for the details in your answer,

Regards,
Reply all
Reply to author
Forward
0 new messages